To add a new schema class or attribute definition
1. | Open the Active Directory Schema snap-in. |
2. | In the console tree, click Active Directory Schema. |
| Do one of the following:
| - To add a class definition, in the console tree, right-click Classes, click Create Class, and then follow the instructions.
|
| - To add an attribute definition, in the console tree, right-click Attributes, click Create Attribute, and then follow the instructions
|
|
Notes
| To perform this procedure, you must be a member of the Schema Admins group in Active Directory, or you must have been delegated the appropriate authority |
The Active Directory Schema snap-in must be connected to the schema master to perform this procedure
To install the Active Directory Schema snap-in
1. | Open Command Prompt. |
2. | Type: regsvr32schmmgmt.dll This command will register schmmgmt.dll on your computer. For more information about using regsvr32, see Related Topics. |
3. | Click Start, click Run, type mmc /a, and then click OK. |
4. | On the File menu, click Add/Remove Snap-in, and then click Add. |
5. | Under Available Standalone Snap-ins, double-click Active Directory Schema, click Close, and then click OK. |
6. | To save this console, on the File menu, click Save. |
7. | In Save in, point to the systemroot\system32 directory. |
8. | In File name, type schmmgmt.msc, and then click Save. |
9. | To create a shortcut on your Start menu:
• | Right-click Start, click Open All Users, double-click the programs folder, and then double-click the Administrative Tools folder. |
• | On the File menu, point to New, and then click Shortcut. |
• | In the Create Shortcut Wizard, in Type the location of the item, type schmmgmt.msc, and then click Next. |
• | On the Select a Title for the program page, in Type a name for this shortcut, type Active Directory Schema, and then click Finish. |
|
Managing the Active Directory schema from MMC
The Active Directory Schema snap-in is a Microsoft Management Console (MMC) administrative tool for managing the schema. The Active Directory Schema snap-in can only be used from a computer with access to a domain. The Active Directory Schema snap-in is not available by default on the Administrative Tools menu, and must be added manually
Verify Active Directory functionality before you apply the schema extension
Verify Active Directory functionality before you update the schema to help ensure that the schema extension proceeds without error. At a minimum, ensure that all domain controllers for the forest are online and performing inbound replication.
| To verify Active Directory functionality before you apply the schema extension |
|
1. | Log on to an administrative workstation that has the Windows Support Tool Repadmin.exe installed.
|  Note:
|
| The Support Tools are located on the operating system installation media in the Support\Tools folder. |
|
2. | Open a command prompt, and then change directories to the folder in which the Windows Support Tools are installed. |
3. | At a command prompt, type the following, and then press ENTER: repadmin /replsum /bysrc /bydest /sort:delta All domain controllers should show 0 in the Fails column, and the largest deltas (which indicate the number of changes that have been made to the Active Directory database since the last successful replication) should be less than or roughly equal to the replication frequency of the site link that is used by the domain controller for replication. The default replication frequency is 180 minutes. |
|
For more information about additional steps that you can take to verify Active Directory functionality before you apply the schema extension.
Apply the schema extension
Use the following procedure to apply the Windows Server 2003 R2 schema extension to the Active Directory schema.
| To apply the Windows Server 2003 R2 schema extension to the Active Directory schema |
|
1. | Log on to the computer that holds the schema master operations role as a member of the Schema Admins group and the Enterprise Admins group. If you are not sure which computer holds the schema master operations role, type the following at a command prompt, and then press ENTER: Netdom query FSMO
| Note: |
| The built-in Administrator account in the forest root domain is a member of the Schema Admins group by default. |
|
2. | Verify that the schema operations master has performed inbound replication of the schema directory partition. Type the following at a command prompt, and then press ENTER: repadmin showreps |
3. | Be sure that you are planning to run Adprep from a 32-bit version of Windows Server 2003 R2 if your schema master is currently running a 32-bit version of Windows Server. Run Adprep from a 64-bit version of Windows Server 2003 R2 if your schema master is currently running a 64-bit version of Windows Server. If you do not have the required version of Adprep. To determine the version of Windows operating system that is running on the schema master, type the following at a command prompt, and then press ENTER: winver |
4. | Change directories to the location that contains the appropriate Adprep version. Type the following command at the command prompt, and then press ENTER: cd cmpnents\R2\ADPREP adprep /forestprep |
|
Verify the schema extension
After you run Adprep, you can use the Windows Support tool ADSI Edit to verify the schema extension.
| To verify the schema extension |
|
1. | Log on to an administrative workstation that has ADSI Edit installed. |
2. | Click Start, click Run, type adsiedit.msc, and then click OK. |
3. | Double-click Configuration Container, and then double-click CN=Configuration,DC=forest_root_domain where forest_root_domain is the fully qualified domain name (FQDN) of your forest root domain. |
4. | Double-click CN=ForestUpdates. |
5. | Right-click CN=Windows2003Update, and then click Properties. |
6. | Verify that the Revision attribute value is 9. |
7. | Double-click Schema. |
8. | Right-click CN=Schema,CN=Configuration,DC=forest_root_domain where forest_root_domain is the FQDN of your forest root domain. |
9. | Click Properties. |
10. | On the Attributes tab, for Select a property to view, select objectVersion. |
11. | Verify that Value(s) equals 31. |
|
To view a schema class or attribute definition
1. | Open the Active Directory Schema snap-in. |
2. | In the console tree, click Active Directory Schema. |
3. | Do one of the following:
• | To view a class definition, in the console tree, click Classes. In the details pane, right-click the class for which you want to view the definition, and then click Properties. |
• | To view an attribute definition, in the console tree, click Attributes. In the details pane, right-click the attribute for which you want to view the definition, and then click Properties. |
|
No comments:
Post a Comment